BSidesLV Preview: Open Source Pentesting and Forensic Distribution

Security BSides Las Vegas – which will be held on July 31st & August 1st – is less than two months away, and so we are continuing our series highlighting some of the fantastic presentations that are slated for the event.

Next up is Prajwal Panchmahalkar’s (@Pr4jwal) session titled Matriux Leandros – An Open Source Penetration Testing and Forensic Distribution, which examines the first full-fledged Debian-based security distribution designed for penetration testing and forensic investigations.

Panchmahalkar’s session abstract states that while Matriux is “primarily designed for security enthusiasts and professionals, it can also be used by any Linux user as a desktop system for day-to-day computing.”

Aside from the standard Debian software, the Matriux Arsenal has a custom-built Linux kernel and contains a collection of over 350 of the most versatile penetration testing tools, with an additional 20+ tools added at each new release cycle, twice per year.

Matriux is designed to “provide better performance and higher support for hardware to work even with a Pentium IV and 512 MB RAM comfortably.”

The Matriux Arsenal was first released in 2009 under the name Lithium, and was followed by Xenon, which was based on Ubuntu.

Matriux Krypton was released in 2011 when Panchmahalkar’s team moved the system to Debian, and was followed by Matriux Ec-Centric in 2012. Panchmahalkar’s team is now working on releasing Matriux Leandros, which is currently in beta and includes a significant revamp of the existing version.

“Matriux Arsenal is divided into sections with a broader classification of tools for Reconnaissance, Scanning, Attack Tools, Frameworks, Radio (Wireless), Digital Forensics, Debuggers, Tracers, Fuzzers and other miscellaneous tools, providing a wider approach over the steps followed for a complete penetration testing and forensic scenario,” Panchmahalkar wrote of the tool set.

“We always tried to stay updated with the tool and hardware support and so include the latest tools and compile a custom kernel to stay abreast with the latest technologies in the field of information security.”

One aspect of Matriux is that it is designed to run from a Live environment such as a CD/DVD or USB stick, which Panchmahalkar says is quite helpful in computer forensics, data recovery analysis and investigations.

Retrievals can be made not only from physical hard drives but also from solid-state drives and the NAND flash used in smartphones.

“With Matriux, we also support and work with the projects and tools that have been discontinued over time, and keep track of the latest tools and applications that have been developed and presented in the recent conferences,” Panchmahalkar continued.

Panchmahalkar has been an independent security researcher for the past 3 years, and the Development Lead for Matriux since 2009. Currently, he is a Research Assistant at Texas Tech University working on Cyber Security of Smart Grid Energy Systems; he completed a Masters Degree in Computer Science in May of this year, and was a finalist for the America’s Information Security Leadership Award 2012 (AISLA) presented by (ISC)2.

Panchmahalkar says Matriux was initially a project which focused on the needs of a limited group who required hands-on training in the field of information security and digital forensics.

“The project started off back in 2009 to help people train in security by providing them with single point solution for all their training needs. Matriux was initially an Open Source Slax based security live distribution with all the tools needed for penetration testing, vulnerability assessment and forensic analysis,” Panchmahalkar said in an email interview.

The project has since gained widespread recognition in the field of information security and forensic analysis, and even though his team consists of only a handful of security enthusiasts, Panchmahalkar says they continue work on the project because of the overwhelmingly positive response they have received over the years.

“Matriux was the first full-fledged security distribution to be directly based on Debian, and is currently a member of Open Invention Network (OIN),” Panchmahalkar said.

Although Matriux has been around for quite a long time, it has never been officially presented or featured at any of the major security conferences until now.

“Las Vegas is a haven for security conferences, and this talk will surely appeal to the audience by demonstrating the benefit of having a pre-configured setup for all sorts of security needs,” Panchmahalkar explained.

“Matriux is different than other tool sets and will force changes to the already existing security distributions in similar categories.”

Panchmahalkar believes his presentation will be especially beneficial for Security Developers, Auditors, Digital Forensic Experts, Penetration Testers, Security Evangelists and students, as it is designed to provide a deep examination of the development of Matriux as well as penetration testing and forensics for newcomers to the field.

“I hope the audience will gain the benefit of using a pre-configured setup for their penetration testing and forensic analysis rather than having to set up the configuration for each of their needs,” Panchmahalkar explained.

“They will hopefully have a way of ease for their security lab setup, and I also hope at least a handful of attendees will be encouraged enough to come up with a new idea that would be beneficial for the entire security community. We are ourselves looking forward to expanding the Matriux project to develop a Matriux Forensic and Matriux Malware Editions which we hope will result in a more focused project.”